<p><span style="font-size:18px"><strong>Prerequisites</strong></span></p> <ul> <li>To use the Ping An Cloud OpenAPI service, you must have a Ping An Cloud account and an access key.</li> <li>Create and manage your access key in the Ping An Cloud console, or contact your account administrator to obtain the access key.</li> <li>Before using an API for a product, make sure you have opened this product.</li> </ul> <p><span style="font-size:18px"><strong>Access Address</strong></span></p> <p>You can obtain the Ping An Cloud OpenAPI service at https://api.yun.pingan.com. Currently, the Ping An Cloud OpenAPI supports the following access styles:</p> <ul> <li><strong>Action style</strong>&mdash;Each request parameter contains multiple key-value pairs. Specify the name of an operation in the Action key-value pair, and service parameters in other key-value pairs. The Action APIs support GET and POST requests. The routing entrance of Action APIs is /api/v1 (https://api.yun.pingan.com/api/v1).</li> <li><strong>Restful style</strong>&mdash;Support the path parameter, the URL parameter, and the Body parameter. You can use the following HTTP methods to request resources: GET (for obtaining), POST (for adding or modifying), PUT (for updating), and DELETE (for deleting). The routing entrance is /rest/v1 (https://api.yun.pingan.com/rest/v1).</li> </ul> <p><span style="font-size:18px"><strong>Required Structure</strong></span></p> <p>Ping An Cloud supports URL-based HTTP/HTTPS GET or POST requests. The request parameters must be included in the URL. For example, for the GetUser API that obtains the current user information, its original URL request is as follows:</p> <p>https://api.yun.pingan.com/api/v1?Action=GetUser&amp;&lt;public request parameters&gt;</p> <ul> <li><strong>HTTPS</strong>&mdash;Communication protocol of the request.</li> <li><strong>api.yun.pingan.com</strong>&mdash;Access address of the service.</li> <li><strong>/Api/v1</strong>&mdash;API type.</li> <li><strong>Action=GetUser</strong>&mdash;API to be called.</li> <li><strong>&lt;public request parameters&gt;</strong>&mdash;Public parameters. For more information, see Public Request Parameters of the Ping An Cloud OpenAPI Service.</li> </ul> <p><span style="font-size:18px"><strong>Character Encoding</strong></span></p> <p>Both the requests and responses use UTF-8 encoding.</p> <p><span style="font-size:18px"><strong>Identity Authentication</strong></span></p> <p>The Ping An Cloud OpenAPI service uses access key-based identity authentication. Functioning as a password that is used for a console login, an access key is used to call APIs. Consisting of an access key ID and a secret access key, each access key is globally unique. The access key ID uniquely identifies a user. The client uses the secret access key to sign the request, and the server uses the secrete access key to verify the client&#39;s signature to determine whether the request is valid. The secret access key is user-sensitive information. You must keep it strictly confidential. Once stolen, it might be maliciously used to perform illegal operations on your resources in Ping An Cloud.</p> <p><span style="font-size:18px"><strong>Signature Mechanism</strong></span></p> <p>The Ping An Cloud OpenAPI service verifies the signature of a request to ensure that the request has not been altered in transit. The server accepts and executes only the requests that pass verification, and denies the requests that fail verification. The recommended signature algorithm is HMAC-SHA256. The client signs its requests by using the unique secret access key that is known only by the client and Ping An Cloud. By comparing the client-side and server-side signatures that are generated based on the same request data and the same key, the OpenAPI service determines whether the request is valid and unaltered.</p> <p><span style="font-size:18px"><strong>Signature Process</strong></span></p> <p>The client signs a request and then sends the request and its signature to the server. After receiving the request, the server signs the request data and compares its locally generated signature with the signature that it received from the client. To enable both the client and the server to generate the same signature, make sure the two parties use the same request data and the signature process. The signature process can be effected by the validity, timeliness, anti-replay attack, algorithm version, and API version. When you access the Ping An Cloud API service, the following public request parameters are required:</p> <p><span style="font-size:16px"><strong><em>Public Request Parameters of the Ping An Cloud Open</em>API<em> Service</em></strong></span></p> <table border="1" cellpadding="0" cellspacing="0" style="width:820px"> <tbody> <tr> <td style="width:149px"> <p><strong>Name</strong></p> </td> <td style="width:108px"> <p><strong>Type</strong></p> </td> <td style="width:198px"> <p><strong>Description</strong></p> </td> <td style="width:355px"> <p><strong>Remarks</strong></p> </td> </tr> <tr> <td style="width:149px"> <p>AccessKeyId</p> </td> <td style="width:108px"> <p>String</p> </td> <td style="width:198px"> <p>Access key ID that uniquely identifies a user.</p> </td> <td style="width:355px"> <p>The access key ID is included in the access key.</p> </td> </tr> <tr> <td style="width:149px"> <p>SignatureMethod</p> </td> <td style="width:108px"> <p>String</p> </td> <td style="width:198px"> <p>Signature algorithm.</p> </td> <td style="width:355px"> <p>The recommended signature algorithm is HMAC-SHA256, which is also the fixed value.</p> </td> </tr> <tr> <td style="width:149px"> <p>SignatureNonce</p> </td> <td style="width:108px"> <p>String</p> </td> <td style="width:198px"> <p>Random number of a request.</p> </td> <td style="width:355px"> <p>Each request must be followed by a complex random number to identify the request and prevent the request replay.</p> </td> </tr> <tr> <td style="width:149px"> <p>SignatureVersion</p> </td> <td style="width:108px"> <p>String</p> </td> <td style="width:198px"> <p>Signature version.</p> </td> <td style="width:355px"> <p>The currently supported version is 1.0, which is also the fixed value.</p> </td> </tr> <tr> <td style="width:149px"> <p>Timestamp</p> </td> <td style="width:108px"> <p>String</p> </td> <td style="width:198px"> <p>Signature timestamp.</p> </td> <td style="width:355px"> <p>Timestamp when the request is signed. The timestamp string is required for generating the signature.</p> </td> </tr> <tr> <td style="width:149px"> <p>Version</p> </td> <td style="width:108px"> <p>String</p> </td> <td style="width:198px"> <p>API version.</p> </td> <td style="width:355px"> <p>The currently supported API version is 2017-01-01, which is also the fixed value.</p> </td> </tr> <tr> <td style="width:149px"> <p>Signature</p> </td> <td style="width:108px"> <p>String</p> </td> <td style="width:198px"> <p>Signature of the request content.</p> </td> <td style="width:355px"> <p>The signature of the request content is calculated based on the special parameters above and service parameters.</p> </td> </tr> </tbody> </table> <p><span style="font-size:16px"><strong>Request Parameter Encoding</strong></span></p> <p>The client encodes the request parameter names and the parameter values in an HTTP/HTTPS request URL in compliance with RFC 3986 as follows:</p> <p>&bull;&nbsp;&nbsp;&nbsp; The following characters are not encoded: a to z, A to Z, 0 to 9, hyphens (-), underscores (_), dots (.), and tildes (~).</p> <p>&bull;&nbsp;&nbsp;&nbsp; Other characters are extended in the format of %XY, where XY is the hexadecimal strings converted from ASCII codes of the characters.</p> <p>&bull;&nbsp;&nbsp;&nbsp; A single space is encoded as %20 instead of a plus sign (+). If Java codes are used for signature generation, characters can be encoded by using the java.net.URLEncoder class in the Java standard library or the java.net.URLEncoder implemented in Java components. In either case, special processing is required for the encoding result. For example, the plus sign (+), asterisk (*), and %7E must be replaced with % 20, %2A, and tilde (~), respectively.</p> <p><span style="font-size:16px"><strong>Data Signature Process</strong></span></p> <table border="1" cellpadding="0" cellspacing="0"> <tbody> <tr> <td style="vertical-align:top; width:154px"> <p><strong>Step</strong></p> </td> <td style="vertical-align:top; width:633px"> <p>Action</p> </td> </tr> <tr> <td style="vertical-align:top; width:154px"> <p><strong>Configure parameters</strong></p> </td> <td style="vertical-align:top; width:633px"> <ul> <li>Set all values of public and service parameters.</li> <li>Service parameter: Action=GetUser.</li> <li>Public parameters: AccessKeyld=XXXXXXXX, version=2017-01-01, signatureVersion=1.0, signatureMethod=HMAC-SHA256, Timestamp=1579516096440, signatureNonce=14489499455.</li> </ul> </td> </tr> <tr> <td style="vertical-align:top; width:154px"> <p><strong>Encode key-value pairs</strong></p> </td> <td style="vertical-align:top; width:633px"> <ul> <li>Encode all the key-value pairs in the format of application/x-www-form-urlencoded. For example, if a value before encoding is a space, the encoded value is a plus sign (+).</li> <li>Replace some special characters in the encoding result. The plus sign (+) is replaced with %20, asterisk (*) with %2A, and %7E with tilde (~).</li> </ul> </td> </tr> <tr> <td style="vertical-align:top; width:154px"> <p><strong>Convert cases</strong></p> </td> <td style="vertical-align:top; width:633px"> <ul> <li>Convert<strong> </strong>all the key-value pairs to lowercase letters: action=getuser, accesskeyid=xxxxxxxx, version=2017-01-01, signatureversion=1.0, signaturemethod=hmac-sha256, timestamp=1579516096440, signaturenonce=14489499455.</li> </ul> </td> </tr> <tr> <td style="vertical-align:top; width:154px"> <p><strong>Sort key-value pairs</strong></p> </td> <td style="vertical-align:top; width:633px"> <ul> <li>Sort all the key-value pairs in alphabetical order: accesskeyid=xxxxxxxx, action=getuser, signaturemethod=hmac-sha256, signaturenonce=14489499455, signatureversion=0.1, timestamp=1579516096440, version=2017-01-01.</li> </ul> </td> </tr> <tr> <td style="vertical-align:top; width:154px"> <p><strong>Concatenate key-value pairs</strong></p> </td> <td style="vertical-align:top; width:633px"> <ul> <li>Concatenate all the key-value pairs with at signs (&amp;) to form the new data to be signed: accesskeyid=xxxxxxxx&amp;action=getuser&amp;signaturemethod=hmac-sha256&amp;signaturenonce=14489499455&amp;signatureversion=0.1&amp;timestamp=1579516096440&amp;version=2017-01-01.</li> </ul> </td> </tr> <tr> <td style="vertical-align:top; width:154px"> <p><strong>Sign data</strong></p> </td> <td style="vertical-align:top; width:633px"> <ul> <li>Use the secret access key and the HMAC-SHA256 algorithm to sign the concatenated data. The generated signature is yyyyyyyy. If the signature contains a plus sign (+), replace the plus sign with %2B. For example, replace yyyy+yyyy with yyyy%2Byyyyy.</li> </ul> </td> </tr> <tr> <td style="vertical-align:top; width:154px"> <p><strong>Send request</strong></p> </td> <td style="vertical-align:top; width:633px"> <ul> <li>Send a request of the original data (the unencoded and unconverted parameters) with the signature appended to the request URL. No special requirement for parameter orders when sending a request.</li> </ul> </td> </tr> </tbody> </table> <p>&nbsp;</p> <p><span style="font-size:18px"><strong>Request and Response</strong></span></p> <p><span style="font-size:16px"><strong>Request Methods</strong></span></p> <p>GET, POST</p> <p><span style="font-size:16px"><strong>Public Request Parameters</strong></span></p> <table border="1" cellpadding="0" cellspacing="0" style="width:794px"> <tbody> <tr> <td style="width:221px"> <p><strong>Parameter Name</strong></p> </td> <td style="width:567px"> <p><strong>Description</strong></p> </td> </tr> <tr> <td style="width:221px"> <p>Public request parameters</p> </td> <td style="width:567px"> <p>For more information, see Public Request Parameters of the Ping An Cloud OpenAPI Service.</p> </td> </tr> <tr> <td style="width:221px"> <p>Service parameters</p> </td> <td style="width:567px"> <p>For more information, see the product-specific API document.</p> </td> </tr> </tbody> </table> <p><span style="font-size:16px"><strong>Public Response Parameters</strong></span></p> <table border="1" cellpadding="0" cellspacing="0"> <tbody> <tr> <td> <p><strong>Name</strong></p> </td> <td style="width:114px"> <p><strong>Type</strong></p> </td> <td style="width:171px"> <p><strong>Description</strong></p> </td> <td style="width:383px"> <p><strong>Remarks</strong></p> </td> </tr> <tr> <td> <p>RequestId</p> </td> <td style="width:114px"> <p>String</p> </td> <td style="width:171px"> <p>Request ID.</p> </td> <td style="width:383px"> <p>A unique request ID is generated for each request.</p> </td> </tr> <tr> <td> <p>Code</p> </td> <td style="width:114px"> <p>String</p> </td> <td style="width:171px"> <p>Request result status.</p> </td> <td style="width:383px"> <p>English code of the request result.</p> </td> </tr> <tr> <td> <p>Message</p> </td> <td style="width:114px"> <p>String</p> </td> <td style="width:171px"> <p>International description of the request result.</p> </td> <td style="width:383px"> <p>You can set Accept-Language in the request header. The currently supported settings are zh-CN (default) and en-US.</p> </td> </tr> <tr> <td> <p>ResultCode</p> </td> <td style="width:114px"> <p>String</p> </td> <td style="width:171px"> <p>Request result code.</p> </td> <td style="width:383px"> <p>The code range is A00000 to Z99999.</p> </td> </tr> <tr> <td> <p>Service response parameters.</p> </td> <td colspan="3"> <p>For more information, see the product-specific API document.</p> </td> </tr> </tbody> </table>